Adobe Content Server download.asp loanMin Parameter eBook DoS
Remote / Network Access
Denial of Service
Loss of Availability
Adobe Content Server contains a flaw that may allow a malicious user to deny access to any book. The issue is triggered when an attacker uses a locally modified copy of the loan script to change the loanMin parameter, which specifies the length of time a book is on loan. The server does not verify the loanMin parameter, so any value is accepted. The flaw may allow books to be listed as on loan for a very long time, resulting in a loss of availability.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
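With no fix available, one way to spot abuse of the unverified loanMin parameter is to review web server logs for out-of-policy values. The following is an added example, not part of the original advisory or of Adobe's code. It assumes IIS W3C extended logs in which loanMin is visible in the query string (values sent in a POST body are not logged), and the limit of 20160 and all log lines are constructed for illustration; use the loan period your own server is configured to offer, in the same unit.

```python
from urllib.parse import parse_qsl

# Constructed sample in IIS W3C extended log format (not real traffic).
# Addresses come from the 192.0.2.0/24 documentation range.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-10 09:15:02 192.0.2.10 GET /download.asp loanMin=20160 200
2024-01-10 09:16:40 192.0.2.44 GET /download.asp loanMin=999999999 200
2024-01-10 09:17:05 192.0.2.44 GET /download.asp loanMin=abc 200
2024-01-10 09:18:11 192.0.2.10 GET /catalog.asp - 200
2024-01-10 09:19:30 192.0.2.77 GET /download.asp loanMin=20160&loanMin=5000000 200
"""

def find_suspicious_loans(log_text, max_loan, script="/download.asp"):
    """Return (date, time, client_ip, raw_value) for each out-of-policy loanMin."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):      # malformed row, skip it
            continue
        row = dict(zip(fields, parts))
        if row.get("cs-uri-stem", "").lower() != script.lower():
            continue
        # parse_qsl keeps repeated parameters, so a duplicate loanMin is checked too
        for name, raw in parse_qsl(row.get("cs-uri-query", ""), keep_blank_values=True):
            if name.lower() != "loanmin":  # ASP parameter names are case-insensitive
                continue
            in_policy = (raw.isascii() and raw.isdigit()
                         and len(raw) <= 12 and 0 < int(raw) <= max_loan)
            if not in_policy:
                hits.append((row["date"], row["time"], row["c-ip"], raw))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious_loans(SAMPLE_LOG, max_loan=20160):
        print(*hit)
```

Any hit is worth cross-checking against the loan records for the affected title, since the server accepts whatever value it is sent.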